An application delivery controller (ADC) essentially acts a reverse proxy. That means that client requests interact with the ADC, and the ADC interacts with web and application servers on the client's behalf. This mediation offers the chance to implement acceleration, availability, and security features without requiring changes to existing applications.

There are many, many more features in an ADC that provide significant value. These eight capabilities are the most commonly employed features in reverse-proxy application delivery solutions that provide immediate benefits to web applications, and all can be used without modifying applications or the servers on which they are deployed.

Load-balancing An ADC offers basic (layer 4) load-balancing as well as advanced (layer 7) load-balancing capabilities. Load-balancing applications distributes requests across a pool (farm, cluster) of servers in such a way as to improve performance and availability of applications. Load-balancing is a form of server virtualization.

Web application security An ADC with integrated web application security capabilities allows you to add web application threat defense to all applications at the same time, without modifying the apps. This feature makes your apps more secure by inspecting requests and thwarting attempts to exploit SQL, XSS, and other web application vulnerabilities.

Protocol security An ADC acting as a reverse proxy can inspect and validate the protocols used to transport requests, such as TCP, HTTP, FTP, and SMTP. This prevents exploitation of protocol layer vulnerabilities from wreaking havoc inside your data center.

Intelligent Compression Compression is often used to reduce bandwidth and improve response times of applications. Depending on the location of the client (LAN, WAN) and network conditions, applying compression may actually degrade performance. An ADC can intelligently determine whether compression will result in a positive impact on application performance based on numerous factors. When it does apply compression, it is usually hardware accelerated, making it much more efficient than the compression features utilized by web and application servers.

Caching Because an ADC mediates requests it can inspect them and determine whether they can be cached. By caching static or infrequently changing dynamic data, an ADC improves the response time of applications and reduces load on web and application servers, which makes them run more efficiently.

High-availability and failover An ADC, through load-balancing and intelligent monitoring capabilities, can ensure that client requests are sent only to servers that can respond in a timely fashion. If a server is unavailable, the ADC can direct the request to another server to ensure continued availability.

SSL An ADC can SSL enable an entire site or application. SSL functions on an ADC are almost always hardware accelerated, meaning negotiation and bulk encryption/decryption operations are much more efficient than when performed on a web or application server. By allowing the ADC to SSL enable a site or application, it removes the need to modify the configuration on all web and application servers to support SSL, and ensures that other security solutions (IDS, IPS, logging) can be employed by terminating SSL at the edge of the network.

Connection optimization When an ADC proxies requests it manages connections to the servers. Because of this separation it can optimize the connections to servers and reuse connections to improve performance and reduce load on the servers. This makes the web and application servers more efficient and improves response times.

last modified: August 01, 2008

0 Comment(s):

You must be logged in to post comments.

About the Author

Lori MacVittie

Lori MacVittie is a subject matter expert on emerging technology responsible for education and evangelism across F5’s entire product suite. MacVittie has extensive development and technical architecture experience in both high-tech and enterprise organizations, in addition to network and systems administration expertise. Prior to joining F5, MacVittie was an award-winning technology editor at Network Computing Magazine. She holds a B.S. in Information and Computing Science from the University of Wisconsin at Green Bay, and an M.S. in Computer Science from Nova Southeastern University, and is an O’Reilly author.